Do Not Complicate Routing Security with Voodoo Economics

Sun Sep 4 15:07:30 UTC 2011

>> to me honest, what set me off was
>> 
>>    http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1
>> 
>> describing, among others, a routing working group of an fcc
>> "communications security, reliability and interoperability council"
>> 
>> i.e. these folk plan to write policy and procedures for operators, not
>> just write publish or perish papers.
> 
> apologies.  dorn caught my error
> 
> http://transition.fcc.gov/pshs/advisory/csric3/wg-descriptions_v1.pdf

As one of the co-chairs of this working group, I'd like to chime in to clarify the purpose of this group.  Our goal is to assemble a group of vendors and operators (not "publish or perish" academics) to discuss and recommend effective strategies for incremental deployment of security solutions for BGP (e.g., such as the ongoing RPKI and BGP-SEC work).  It is not to design new security protocols or to "write policy and procedures for operators" -- that would of course be over-reaching and presumptuous.  The goal is specifically to identify strategies for incremental deployment of the solutions designed and evaluated by the appropriate technical groups (e.g., IETF working groups).  And, while the SIGCOMM paper you mention is an example of such a strategy, it is just one single example -- and is by no means the recommendation of a group that is not yet even fully assembled yet.  The working group will debate and discuss a great many issues before suggesting any strategies, and those strategies would be the output of the entire working group.

<tongue in cheek> As for "publish or perish" academics, I doubt you'll find that the small set of academics who choose to go knee deep into operational issues do so because they are trying to optimize their academic careers... ;) </tongue in cheek>

-- Jen